Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
DETAILED ACTION 

CLAIMS PRESENTED 

Claims 1-14 are presented. 

CLAIM REJECTIONS 

Claim Rejections - 35 USC § 102 

The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in 
public use or on sale in this country, more than one year prior to the date of application for patent in 
the United States. 

Claims 1-10 and 12-14 are rejected under 35 U.S.C. 102(b) as being anticipated 
by Win, US Patent No. 6182142. 

As per claims 1 and 13, Win teaches: 

System for providing secure service access for a user to at least one service from a service 
provider, where the user and the service provider are provided with means for connection to a 
common computer network, said system comprising: 

one or more validation service units arranged for performing the steps of: receiving a name in a 
user certificate from an access server, controlling the validity of the user certificate, 

[see page 6, lines 6-16] 
if the user's certificate is valid, either sending the user's certificate name to an authorization 
service unit for translation to a user name, and passing the user name returned from the 
authorization service unit to the access server, or passing the user's certificate name to the 
access server, 

[see page 9, lines 63-67 and page 10, lines 1-5] 
if the user's certificate is not valid, denying the user access to the service; 
[see page 10, lines 1-5] 
one or more authorization service units arranged for performing the steps of: receiving a user's 
certificate name from a validation service unit or an access server, sending the user's certificate 
name to a database, receiving user name and profile from the database, passing the named user 
identity to the validation service unit or the access server, 

[see page 6, lines 48-61] 
receiving a query for access rights from an access server, querying for subscription info from the 
database, receiving subscription info from the database, determining access rights based on said 
subscription info, passing access rights to the access server; 

[see page 8, lines 56-67] 
and one or more authorization role units and adjoining databases arranged for performing the 
steps of: receiving a user's certificate from an authorization service unit, locating the user's name 
and profile in the database, sending user's name and profile to the authorization service unit, 
receiving a query for subscription info from an authorization service unit, sending subscription info 
to the authorization service unit. 

[see page 13, lines 23-31] 

As per claims 2 and 14, Win teaches: 

System according to claim 1, further comprising at least one access server, arranged for 
performing the steps of: 

receiving a request from the user, authenticating to user and asking for client authorization, 
performing a challenge/response sequence, 

[see fig. 5b, step 502] 
requesting a certificate and proof of possession of a private key from the user, 

[see fig. 5b, element 504 and col. 23, lines 1-5] 
passing the name in the certificate to a validation service unit, in case of valid user certificate, 
receiving named user identity from an authorization service unit, querying an authorization 
service unit for access rights, receiving access rights from the authorization service unit, 

[see page 8, lines 56-67] 
locating an appropriate service menu, presenting the service menu to the user, and transferring 
information between the user and the service provider. 

[see col. 6, lines 17-24] 

As per claim 3, Win teaches: 

System according to claim 1 or 2, wherein the access server comprises means for: supporting 
HTTPS, or other means for securing communication channels, authenticating the access server 
to clients/users, preferably by use of PKI technology, supporting protocols necessary to 
communicate with the validation service and the authorization service unit, supporting one or 
more protocols for PKI-based client/user authentication, implementing the functionality needed to 
display information to the user and to handle user input, acting as a proxy server between the 
user and a service. 

[see col. 23, lines 1-5 and col. 4, lines 56-67] 

As per claim 4, Win teaches: 

System according to claim 1 or 2, wherein requesting a certificate and a private key from the user 
may be performed by using a directory lookup. 
[see col. 21, lines 52-65] 

As per claim 5, Win teaches: 

System according to claim 1 or 2, wherein the access server is adapted for mediating direct 
access to the service in a single sign-on manner. 
[see col. 3, lines 7-14] 

As per claim 6, Win teaches: 

System according to claim 1 or 2, wherein the database storing the user name and profile, is also 
storing other user related information. 
[see col. 12, lines 46-54] 

As per claim 7, Win teaches: 

System according to claim 3, wherein the access server, when using other means for securing 
the communication channel, is establishing a SSL/TLS session with the server authentication 
only, and running the user authentication protocol on the established secure channel. 
[see col. 22, lines 65-67] 

As per claim 8, Win teaches: 

System according to claim 3, wherein the user, in case of several alternatives of authentication 
methods, is presented with the choices, and the access server is establishing a SSL/TLS session 
with the chosen method of client authentication. 
[see col. 22, lines 65-67] 

As per claim 8, Win teaches: 

System according to claim 5, wherein the service provider is included in the system and is 
adapted for accessing and exchanging information with the authorization service unit. 
[see col. 4, lines 56-67] 

As per claim 10, Win teaches: 

System according to claim 1, wherein said validation service units, said authorization service 
units and said authorization role units are computer-implemented. 
[see col. 26, lines 1-19] 

Application/Control Number: 10/507,131 
Art Unit: 2136 


Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described 
as set forth in section 102 of this title, if the differences between the subject matter sought to 
be patented and the prior art are such that the subject matter as a whole would have been 
obvious at the time the invention was made to a person having ordinary skill in the art to which 
said subject matter pertains. Patentability shall not be negatived by the manner in which the 
invention was made. 

Claim 11 is rejected under 35 U.S.C. 103(a) as being unpatentable over Win as 
applied to claims 1 or 2 above, and further in view of Kahn, et al. (US Patent No. 
6853728). 

As per claim 11: 

The Win reference has been discussed above. Win does not disclose using the system of claim 
1 for providing authentication, authorization, and access to a value-added service such as video 
on demand. Kahn teaches a video on demand system. It would have been obvious to one of 
ordinary skill in the art to combine the teachings of Win with the video on demand system of Kahn 
in order to improve the security of the Kahn system. 

POINTS OF CONTACT 

Any response to this Office Action should be faxed to (571) 273-8300 or mailed to: 

Commissioner for Patents 
P.O. Box 1450 
Alexandria, VA 22313-1450 

Hand-delivered responses should be brought to 
Customer Service Window 
Randolph Building 
401 Dulaney Street 
Alexandria, VA 22314 


Any inquiry concerning this communication or earlier communications from the examiner 
should be directed to Daniel L. Hoang whose telephone number is 571-270-1019. The examiner 
can normally be reached on Monday - Thursday, 8:00 a.m. - 5:00 p.m., EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Nasser Moazzami, can be reached on 571-272-4195. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR system, 
see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 